Easy VPN issue

Unanswered Question
Jun 11th, 2007
User Badges:

Hi friends,

I am stuck with an Easy VPN issue. The VPN is between a Cisco 877 IOS 12.4(11)T2 acting as an Easy VPN client and the Cisco VPN Concentrator 3015 Ver 4.1.7 as the VPN server.

The tunnel comes up successfully. The following is the output of:

show crypto ipsec client ezvpn 1721

Easy VPN Remote Phase: 6

Tunnel name : 1721

Inside interface list: BVI1

Outside interface: Dialer0

Current State: IPSEC_ACTIVE


Address: 207.x.243.139 (applied on Loopback10000)


DNS Primary: 207.x.241.11

DNS Secondary: 207.x.241.76

Save Password: Allowed

Current EzVPN Peer: xxx

THe VPN concentrator has been configured to tunnel everything. Now all traffic to Internet also must go through the VPN concentrator but it goes directly to the ISP cloud and bypasses the tunnel. So, internet works but bypassing the tunnel.

The tunnel though up is unable to send traffic through it.

I am also enclosing the running configuration of the problemmatic 877 router.

Additionally, with the same configuration on another 1721 router, it works. So, i believe that the problem lies only on the

877 router (EasyVPN client) and not the VPN server (VPN Concentrator 3015)

I am also enclosing the running configuration of the working 1721 router.

Looking forward to your inputs on this.

Thanks a lot


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
gautamzone Wed, 06/13/2007 - 08:31
User Badges:

Hi friends,

I am sorry if i was not clear enough in my previous post.

To make it simple, i would like to know if anyone of you have configured 877 router successfully as an Easy VPN client. If yes, i would like to get the config from you. You could take off the sensitive details like IP addresses, passwords etc and share it with me.

I will compare them with mine and figure out the gap.

Thanks a lot


a.shaukat Wed, 06/27/2007 - 04:46
User Badges:


ive never actually used easy vpn config instead i make mine myself to connect to a router at the other end...

but .. shouldnt there be a match ACL# command be there where you define the peer in the crypto map..???

to tell which traffic should go through the tunnel..???


This Discussion